State-backed cyber groups from Iran, North Korea, China, and Russia are increasingly using artificial intelligence to sharpen their attacks, according to a new quarterly report from Google’s Threat Intelligence Group (GTIG).
The findings show that large language models, including Google’s Gemini, are being integrated across the cyberattack lifecycle. From reconnaissance and social engineering to malware development, AI tools are helping threat actors work faster and craft more convincing campaigns.
“Large language models have become essential tools for technical research, targeting, and the rapid generation of nuanced phishing lures,” GTIG researchers said in the report, which covers activity observed in the final quarter of 2025.
AI-Enhanced Reconnaissance and Social Engineering
One Iranian group, APT42, used Gemini to gather intelligence and refine its phishing efforts. According to the report, the group relied on the AI model to identify official email addresses and research targets in order to build believable backstories. By inputting biographical information, attackers were able to generate tailored personas designed to engage victims.
The tool was also used for language translation and refining phrasing, helping attackers avoid common red flags such as awkward grammar that often exposes phishing attempts.
North Korean actor UNC2970, known for targeting defense organizations and impersonating corporate recruiters, also used AI to analyze open-source data. The group researched cybersecurity and defense firms, mapped technical job roles, and gathered salary data to construct more credible recruitment-themed phishing messages.
GTIG noted that such activity can appear similar to legitimate professional research, making it harder to distinguish malicious reconnaissance from routine data gathering.
Surge in Model Extraction Attempts
Beyond using AI for attacks, threat actors are also trying to steal from AI systems themselves.
Google DeepMind and GTIG reported a rise in so-called “model extraction” or “distillation” attacks. In one case, attackers submitted more than 100,000 prompts to Gemini in an attempt to replicate its reasoning processes, particularly in non-English contexts.
While Google said it has not seen advanced persistent threat (APT) groups successfully compromise frontier AI models, it has detected and disrupted numerous attempts by private entities and researchers seeking to clone proprietary capabilities. The company’s systems flagged these efforts in real time and deployed safeguards to protect internal reasoning data.
AI-Integrated Malware and Phishing Kits
The report also highlights malware samples that directly integrate AI services. One strain, tracked as HONESTCUE, uses Gemini’s API to generate malicious code on demand. The malware sends prompts to the AI and receives C# source code in response, compiling and executing it in memory without leaving files on disk. This fileless approach makes detection more difficult.
Separately, researchers identified a phishing kit known as COINBAIT, which impersonates a major cryptocurrency exchange to harvest credentials. The kit was likely accelerated using AI-powered development tools.
In another campaign first observed in December 2025, attackers exploited public sharing features on platforms such as Gemini, ChatGPT, Copilot, DeepSeek, and Grok. They created convincing troubleshooting guides embedded with malicious command-line scripts, then distributed links to these AI-generated chat transcripts. The tactic allowed attackers to host harmful instructions on trusted domains, lending them an air of legitimacy.
Underground Markets and Stolen API Keys
GTIG also observed sustained demand for AI-powered tools on underground forums in both English and Russian. However, rather than building their own AI systems, many actors rely on stolen API keys to access commercial products.
One toolkit, marketed as “Xanthorox,” claimed to be a custom AI built for autonomous malware generation and phishing development. Google’s investigation found it was powered by existing commercial models, including Gemini, accessed through compromised credentials.
Google’s Response
Google says it has disabled accounts and infrastructure linked to malicious activity and strengthened its models to reduce the risk of misuse. The company emphasized that while AI is being integrated into cyber operations, there has been no fundamental shift in the overall threat landscape.
“We are committed to developing AI boldly and responsibly,” the report states, adding that proactive disruption and continuous model improvements remain central to its approach.
A Changing Cybersecurity Landscape
The report underscores a growing reality: artificial intelligence is becoming a standard tool for both attackers and defenders. For organizations worldwide, particularly in regions facing active state-sponsored threats, the findings serve as a reminder to strengthen defenses against increasingly sophisticated social engineering and reconnaissance tactics.
AI may not have revolutionized cyber warfare overnight, but it is clearly accelerating it. As technology evolves, so too does the contest between those seeking to exploit it and those working to secure it.
